ID CVE-1999-0045
Summary List of arbitrary files on Web host via nph-test-cgi script.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 0.8.11
    cpe:2.3:a:apache:http_server:0.8.11
  • Apache Software Foundation Apache HTTP Server 0.8.14
    cpe:2.3:a:apache:http_server:0.8.14
  • Apache Software Foundation Apache HTTP Server 1.0
    cpe:2.3:a:apache:http_server:1.0
  • Apache Software Foundation Apache HTTP Server 1.0.2
    cpe:2.3:a:apache:http_server:1.0.2
  • Apache Software Foundation Apache HTTP Server 1.0.3
    cpe:2.3:a:apache:http_server:1.0.3
  • Apache Software Foundation Apache HTTP Server 1.0.5
    cpe:2.3:a:apache:http_server:1.0.5
  • Apache Software Foundation Apache HTTP Server 1.1
    cpe:2.3:a:apache:http_server:1.1
  • Netscape Netscape Commerce Server 1.12
    cpe:2.3:a:netscape:commerce_server:1.12
  • Netscape Netscape Communications Server 1.1
    cpe:2.3:a:netscape:communications_server:1.1
  • Netscape Netscape Communications Server 1.12
    cpe:2.3:a:netscape:communications_server:1.12
  • cpe:2.3:a:netscape:enterprise_server:2.0a
    cpe:2.3:a:netscape:enterprise_server:2.0a
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Apache. CVE-1999-0045. Dos exploits for multiple platform
id EDB-ID:19536
last seen 2016-02-02
modified 1996-12-10
published 1996-12-10
reporter Josh Richards
source https://www.exploit-db.com/download/19536/
title Apache <= 1.1 / NCSA httpd <= 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Vulnerability
nessus via4
NASL family CGI abuses
NASL id NPH-TEST-CGI.NASL
description The remote web server contains the 'nph-test-cgi' test script, which is included by default with some web servers. The version of this script on the remote host fails to quote input to several environment variables, such as 'QUERY_STRING', before echoing it back as part of a shell script. An unauthenticated attacker can leverage this issue to list the contents of directories on the remote host, subject to the permissions of the web server user id.
last seen 2019-02-21
modified 2018-06-13
plugin id 10165
published 1999-06-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10165
title NCDSA HTTPd nph-test-cgi Arbitrary Directory Listing
refmap via4
cert CA-97.07.nph-test-cgi_script
xf http-cgi-nph
Last major update 09-09-2008 - 08:33
Published 10-12-1996 - 00:00
Back to Top